§tor-hscrypto
tor-hscrypto: Basic cryptography used by onion services
§Overview
This crate is part of Arti, a project to implement Tor in Rust.
Onion services and the clients that connect to them need a few cryptographic operations not used by the rest of Tor. These include:
- A set of key-blinding operations to derive short-term public keys from long-term public keys.
- An ad-hoc SHA3-based message authentication code.
- Operations to encode and decode public keys as `.onion` addresses.
- A set of operations to divide time into different “periods”. These periods are used as inputs to the DHT-style hash ring, and to the key-blinding operations.
- Proof-of-work schemes for resisting denial-of-service attacks.
This crate implements those operations, along with a set of wrapper types to keep us from getting confused about the numerous keys and nonces used for the onion services.
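As an added illustration (not code from tor-hscrypto or Arti), the following stand-alone Rust program implements the `.onion`-address bullet above as specified in Tor's rend-spec-v3: the address is the base32 encoding of the 32-byte public key, a two-byte checksum taken from SHA3-256 over `".onion checksum" || PUBKEY || VERSION`, and the version byte 3, followed by `.onion`. SHA3-256 is implemented inline (Keccak-f[1600]) so the file runs with the standard library only; the function names, the `OnionAddrError` type and the sample key bytes are assumptions made for this example, not the crate's API.

```rust
// Added example, not tor-hscrypto's or Arti's own code: v3 .onion address encode/decode as
// specified in Tor's rend-spec-v3 (the format the crate's `pk` module wraps). Names are ours.
//   onion_address = base32(PUBKEY || CHECKSUM || VERSION) ++ ".onion"   (35 bytes -> 56 chars)
//   CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[0..2],  VERSION = 0x03
use std::convert::TryInto;

const RC: [u64; 24] = [
    0x1, 0x8082, 0x800000000000808a, 0x8000000080008000, 0x808b, 0x80000001,
    0x8000000080008081, 0x8000000000008009, 0x8a, 0x88, 0x80008009, 0x8000000a,
    0x8000808b, 0x800000000000008b, 0x8000000000008089, 0x8000000000008003, 0x8000000000008002,
    0x8000000000000080, 0x800a, 0x800000008000000a, 0x8000000080008081, 0x8000000000008080,
    0x80000001, 0x8000000080008008,
];
const RHO: [u32; 24] = [1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44];
const PI: [usize; 24] = [10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1];

/// Keccak-f[1600] over 25 little-endian u64 lanes indexed a[5*y + x].
fn keccak_f(a: &mut [u64; 25]) {
    for rc in RC.iter() {
        let mut c = [0u64; 5]; // theta
        for x in 0..5 { for y in 0..5 { c[x] ^= a[5 * y + x]; } }
        for x in 0..5 {
            let d = c[(x + 4) % 5] ^ c[(x + 1) % 5].rotate_left(1);
            for y in 0..5 { a[5 * y + x] ^= d; }
        }
        let mut last = a[1]; // rho + pi
        for i in 0..24 { let t = a[PI[i]]; a[PI[i]] = last.rotate_left(RHO[i]); last = t; }
        for y in 0..5 { // chi
            let row = [a[5 * y], a[5 * y + 1], a[5 * y + 2], a[5 * y + 3], a[5 * y + 4]];
            for x in 0..5 { a[5 * y + x] = row[x] ^ (!row[(x + 1) % 5] & row[(x + 2) % 5]); }
        }
        a[0] ^= *rc; // iota
    }
}

/// SHA3-256 (FIPS 202): rate 136 bytes, domain suffix 0x06, final pad bit 0x80. Inline so
/// the example needs no external crates.
pub fn sha3_256(data: &[u8]) -> [u8; 32] {
    const RATE: usize = 136;
    let mut padded = data.to_vec();
    padded.push(0x06);
    let n = (padded.len() + RATE - 1) / RATE * RATE; padded.resize(n, 0);
    *padded.last_mut().unwrap() |= 0x80;
    let mut st = [0u64; 25];
    for block in padded.chunks_exact(RATE) { // absorb one rate-sized block per permutation
        for (i, lane) in block.chunks_exact(8).enumerate() {
            st[i] ^= u64::from_le_bytes(lane.try_into().unwrap());
        }
        keccak_f(&mut st);
    }
    let mut out = [0u8; 32];
    for i in 0..4 { out[8 * i..8 * i + 8].copy_from_slice(&st[i].to_le_bytes()); }
    out
}

const B32: &[u8; 32] = b"abcdefghijklmnopqrstuvwxyz234567"; // RFC 4648 alphabet, lowercase, unpadded
fn base32_encode(bytes: &[u8]) -> String {
    let (mut buf, mut bits, mut out) = (0u32, 0u32, String::new());
    for &b in bytes {
        buf = (buf << 8) | b as u32; bits += 8;
        while bits >= 5 { bits -= 5; out.push(B32[((buf >> bits) & 31) as usize] as char); }
    }
    if bits > 0 { out.push(B32[((buf << (5 - bits)) & 31) as usize] as char); }
    out
}
fn base32_decode(s: &str) -> Option<Vec<u8>> {
    let (mut buf, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.bytes() {
        buf = (buf << 5) | B32.iter().position(|&x| x == c)? as u32; bits += 5;
        if bits >= 8 { bits -= 8; out.push((buf >> bits) as u8); }
    }
    Some(out)
}

const VERSION: u8 = 3;
fn checksum(pubkey: &[u8; 32]) -> [u8; 2] {
    let h = sha3_256(&[&b".onion checksum"[..], &pubkey[..], &[VERSION][..]].concat());
    [h[0], h[1]]
}
/// Encode a 32-byte ed25519 public key as "<56 base32 chars>.onion".
pub fn encode_onion_address(pubkey: &[u8; 32]) -> String {
    let raw = [&pubkey[..], &checksum(pubkey)[..], &[VERSION][..]].concat();
    format!("{}.onion", base32_encode(&raw))
}
#[derive(Debug, PartialEq, Eq)]
pub enum OnionAddrError { BadLength, BadBase32, BadVersion(u8), BadChecksum }
/// Parse and verify an address (case-insensitive; ".onion" suffix optional), returning the key.
pub fn decode_onion_address(addr: &str) -> Result<[u8; 32], OnionAddrError> {
    let lower = addr.to_ascii_lowercase();
    let body = lower.strip_suffix(".onion").unwrap_or(&lower);
    if body.len() != 56 { return Err(OnionAddrError::BadLength); }
    let raw = base32_decode(body).ok_or(OnionAddrError::BadBase32)?;
    let pubkey: [u8; 32] = raw[..32].try_into().unwrap();
    if raw[34] != VERSION { return Err(OnionAddrError::BadVersion(raw[34])); }
    if raw[32..34] != checksum(&pubkey) { return Err(OnionAddrError::BadChecksum); }
    Ok(pubkey)
}
fn main() {
    let pk = [7u8; 32]; // constructed sample key bytes, not a real service key
    let addr = encode_onion_address(&pk);
    println!("{} round-trips: {}", addr, decode_onion_address(&addr) == Ok(pk));
}
```

Two properties are worth knowing when validating addresses this way: every v3 address ends in `d`, because the final base32 character carries the low five bits of the version byte; and the checksum only detects corruption, so a successfully decoded address does not prove that the 32 bytes are a valid ed25519 public key. A real implementation still has to check that when it uses the key.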
§Compile-time features
- `memquota-memcost` – implement `tor_memquota::HasMemoryCost` for many types. (Does not actually force compiling in memory quota tracking; that’s the `memquota` feature in `tor-memquota` and higher-level crates.)
- `ope` – support for Order Preserving Encryption.
- `full` – Enable all features above.
§Experimental and unstable features
Note that the APIs enabled by these features are NOT covered by semantic versioning[1] guarantees: we might break them or remove them between patch versions.
- `hs-pow-full` – Tor Hidden Services Proof of Work.
- `experimental` – Enable all the above experimental features.
§License
MIT OR Apache-2.0
When the `pow` feature is used, we link with LGPL licensed dependencies.

[1] Remember, semantic versioning is what makes various `cargo` features work reliably. To be explicit: if you want `cargo update` to only make safe changes, then you cannot enable these features.
Modules§
- `ope` – A simple order-preserving encryption function.
- `ops` – Mid-level cryptographic operations used in the onion service protocol.
- `pk` – Key type wrappers of various kinds used in onion services.
- `pow` – Proof of Work schemes for onion services.
- `time` – Manipulate time periods (as used in the onion service system).
Structs§
- `RendCookie` – An opaque value `RENDEZVOUS_COOKIE` used at a rendezvous point to match clients and services.
- `RevisionCounter` – Counts which revision of an onion service descriptor is which, within a given time period.
- `Subcredential` – A value to identify an onion service during a given period (`N_hs_subcred`).
Constants§
- `NUM_INTRO_POINT_DEF` – Default number of introduction points a service should establish.
- `NUM_INTRO_POINT_MAX` – Maximum number of introduction points a service should establish and we should tolerate.